Generic Host Process for Win32 Service wants to accept connections from the Internet??



I know this topic was covered to some extent by Oldsod and Newscoop a few days ago, but I seem to have a similar problem in as much as I don't know if I should be accepting or denying access.
I get the following:

Application: Sychost.exe
Source IP: 0.0.0.0 Port 135

I deny that, then a few minutes later I get something like

Source IP: 192.168.0.1 Port 3076

then port 34339
etc etc.
I deny all these one at a time because I have no idea what it refers to, but it goes on and on, each time a different port.
Help and advice regarding this would be much appreciated.
Rimmer.

Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

I used a general rule to block all from 0.0.0.0 to Any, TCP and UDP, Source Port 135, destination Port any. This seemed to work with no ill effects for me. Log or not as you wish. This is The End Point Mapper.

Here is some info I found a year or so ago (I am sorry I don't know who to credit):

"Location Service. This is the infamous RPC portmapper, svchost.exe (supporting "DCE services" for remote hosts), focus of a recent NT/2k/XP vulnerability. It listens for both TCP and UDP packet types.

The idea of an RPC (Remote Procedure Call) portmapper was invented by Sun Microsystems, and is both good, because it's useful for network programming, and bad, because it raises security challenges. Its operation means you can code network daemons without assigning them ports, and instead have them request the portmapper for an assignment. The challenges are several:

It leaks valuable information about the system to the bad guys.

Its complexity means it's a likely place for vulnerabilities to crop up.

When you hear of such vulnerabilities, disabling it might be prohibitively painful, because too much relies on it. It's a single point of failure for other things.

Because it assigns ports dynamically to services that rely on it, those services no longer run on predictable ports, which makes them much harder to protect.

For all of those reasons, a running portmapper tends to make security people antsy. If it must be left running typically because of NFS or NIS/NIS+ daemons on Unix boxes, then security folk will try to heavily protect it."

I am a new ZA User. Hope this helps. You still might find you need it for something, but so far I haven't.

Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

Is that Sychost.exe or svchost.exe?

The svchost.exe issue is the one where everybody is suddenly seeing it daily. The forum replies with super technical babble or links away. My favorite is suggesting that you search the forum for these replies because they are tired of denying it over and over. Besides, this is a normal windows process, and we must be insane. What's the harm in seeing it pop up in multiple ZA versions on various OS platforms all across America every single boot up since August?

If it is Sychost.exe, then it is a process added to the system as a result of the LEOX.B VIRUS
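
An added example, not part of any post in this thread: the question above is whether a firewall prompt names the real svchost.exe or a similarly spelled file, and that check can be done mechanically on the full image path. The trusted folders assume Windows is installed in C:\Windows, and the sample paths are constructed.

```python
import ntpath

GENUINE = "svchost.exe"
# Assumption: Windows lives in C:\Windows (SysWOW64 exists on 64-bit systems).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def triage(image_path):
    """Classify a process image path against the genuine svchost.exe.

    genuine   - right name, in a trusted system folder
    misplaced - right name, running from somewhere else
    lookalike - name within two edits of svchost.exe (e.g. Sychost.exe)
    unrelated - anything else
    """
    folder, name = ntpath.split(image_path.lower())
    if name == GENUINE:
        return "genuine" if folder in TRUSTED_DIRS else "misplaced"
    if edit_distance(name, GENUINE) <= 2:
        return "lookalike"
    return "unrelated"

# Constructed sample paths, not taken from anyone's machine.
SAMPLES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\Sychost.exe",
    r"C:\Temp\svchost.exe",
    r"C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{triage(path):10} {path}")
```

A "misplaced" or "lookalike" result is a reason to inspect the file, not proof of infection; the name in a firewall prompt should always be read together with its full path.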

Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

Thanks OldDirt for your reply.
It is Sychost.exe

Does this mean that I have the LEOX.B virus?
Is it dangerous and how do I get rid of it?.....And what is of great interest, how come my super-dooper fully paid up ZA AV did not detect it??
Any help or advice would be much appreciated.

Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

I can't seem to find the discussion of just that problem:

"The svchost.exe issue is the one where everybody is suddenly seeing it daily. The forum replies with super technical babble or links away. My favorite is suggesting that you search the forum for these replies because they are tired of denying it over and over. Besides, this is a normal windows process, and we must be insane. What's the harm in seeing it pop up in multiple ZA versions on various OS platforms all across America every single boot up since August?"

I've tried fiddling with the program control, to no effect,
so now I'm trying to learn whether to allow or deny it,
or how to avoid the problem.
Can you point me?

Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

ZAFZAP wrote:
> I can't seem to find the discussion of just that problem:
>
> "The svchost.exe issue is the one where everybody is suddenly seeing it daily. The forum replies with super technical babble or links away. My favorite is suggesting that you search the forum for these replies because they are tired of denying it over and over. Besides, this is a normal windows process, and we must be insane. What's the harm in seeing it pop up in multiple ZA versions on various OS platforms all across America every single boot up since August?"
>
> I've tried fiddling with the program control, to no effect,
> so now I'm trying to learn whether to allow or deny it,
> or how to avoid the problem.
> Can you point me?

In general....
svchost.exe will connect in and out of the 127.0.0.1 (loopback address) and the 0.0.0.0 (non-route or zero octet address) by TCP (and UDP), connect to the remote port 67 of the DHCP server and accept connections from the DHCP server's port 67 to the computer's own port 68, connect to the remote port 53 of the DNS server and accept connections from that DNS server's port 53, connect to the remote port 123 of the time server and accept incoming connections from that port.
Svchost.exe can be seen in many outgoing connections in Windows going to the remote ports 80 (HTTP), 443 (HTTPS) and other things such as RTSP, POP3, etc.
Also used in the tracert, ping, nslookups, etc.
But not limited to just these, as these are some of the generally seen items for the average home user.
Usually the other Windows processes such as winlogon.exe, userinit.exe, csrss.exe, services.exe, explorer.exe, rundll32.exe and a few others are associated with these svchost.exe connections too.
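
An added example, not part of the post above: the traffic patterns that post lists for svchost.exe, written as a check that sorts firewall prompts into "matches the list" and "needs a closer look". The prompt records are constructed (two reuse the addresses and ports from the first post, with the port read as the remote port), and the DHCP, DNS and time server addresses are assumptions that must be replaced with the machine's real settings.

```python
import ipaddress

def classify(prompt, dhcp_server, dns_servers, ntp_servers=()):
    """Return the name of the listed pattern a prompt matches, or None."""
    ip = ipaddress.ip_address(prompt["remote_ip"])
    rport = prompt["remote_port"]
    inbound = prompt["direction"] == "in"
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:                      # 0.0.0.0
        return "unspecified"
    addr = str(ip)
    if rport == 67 and addr == dhcp_server:
        # Replies from the DHCP server must arrive on client port 68.
        if not inbound or prompt.get("local_port") == 68:
            return "dhcp"
        return None
    if rport == 53 and addr in dns_servers:    # only the configured resolver
        return "dns"
    if rport == 123 and addr in ntp_servers:
        return "ntp"
    if not inbound and rport in (80, 443):
        return "web-out"
    return None

def unexplained(prompts, **servers):
    """Prompts that match none of the listed patterns."""
    return [p for p in prompts if classify(p, **servers) is None]

# Assumed network settings for the constructed samples below.
SERVERS = dict(dhcp_server="192.168.0.1", dns_servers={"192.168.0.1"})

# Constructed prompt records.
PROMPTS = [
    {"direction": "in", "remote_ip": "0.0.0.0", "remote_port": 135},
    {"direction": "in", "remote_ip": "192.168.0.1", "remote_port": 3076},
    {"direction": "in", "remote_ip": "192.168.0.1", "remote_port": 67, "local_port": 68},
    {"direction": "out", "remote_ip": "192.168.0.1", "remote_port": 53},
    {"direction": "out", "remote_ip": "203.0.113.10", "remote_port": 53},
    {"direction": "out", "remote_ip": "203.0.113.10", "remote_port": 443},
]

if __name__ == "__main__":
    for p in unexplained(PROMPTS, **SERVERS):
        print("needs a closer look:", p)
```

A match only describes the network pattern; it says nothing about whether the program raising the prompt is the genuine svchost.exe.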

Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

All rather confusing but took up OldDirt's idea of Leox.B virus.
On googling it I came up with 'True Sword' from Security Stronghold and did their 'free scan'.

Nothing came up to suspect Leox but loads of other c**p did.
75 items according to them!
So thought I'd have a look at other malware/adware programs and found a blog saying 'True Sword' was utter rubbish and 'Spyzooka' was much better.

So...............are any of these sort of programs any more effective than the free version of Spywareblaster etc??

Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

rimmer wrote:
> All rather confusing but took up OldDirt's idea of Leox.B virus.
> On googling it I came up with 'True Sword' from Security Stronghold and did their 'free scan'.
>
> Nothing came up to suspect Leox but loads of other c**p did.
> 75 items according to them!
> So thought I'd have a look at other malware/adware programs and found a blog saying 'True Sword' was utter rubbish and 'Spyzooka' was much better.
>
> So...............are any of these sort of programs any more effective than the free version of Spywareblaster etc??

Go here: